Re: [lamps] Murray Kucherawy's No Objection on draft-ietf-lamps-lightweight-cmp-profile-18: (with COMMENT)
"Murray S. Kucherawy" <superuser@gmail.com> Thu, 12 January 2023 18:03 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D9E9C1BED3F; Thu, 12 Jan 2023 10:03:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLuxprHrVZiE; Thu, 12 Jan 2023 10:03:18 -0800 (PST)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8202AC1BED3B; Thu, 12 Jan 2023 10:03:18 -0800 (PST)
Received: by mail-ej1-x630.google.com with SMTP id u9so46746721ejo.0; Thu, 12 Jan 2023 10:03:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BhzLpM06uwxFTY1CVBqIvJAAz7FNMcxhrW2+709mPkg=; b=b2EiXz5PfEcIlywKlPLI0jE1XsB6Y9yFgqci7DAN4hmMtWV9zk6Jvf2x267A3GrH46 gYYu86Jl+IRgNT0NWIMezWJGvbXxqgfy4dBXyCR+ONKxqqnDciLEL4xD7+tS0V/uOeeK s7qJcMgRdq02tnm2U7x22jpFVZvVNb48BMCdJuBv2hfGywHZwPh9d4vCO3k4udNYBU0O EfC+mb3CDngsFQ02mk2hyDWoZk93Md1cw/A2etp6e5oq2cdN/Gc6+vojuVQQQGWstQzx gXzDS1fo/NMGnXZC0qsFlBXOtsXi5M6M47DJfUlDQf321vy1L4R2Hi117RHHt60wlPy1 PZSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BhzLpM06uwxFTY1CVBqIvJAAz7FNMcxhrW2+709mPkg=; b=eU2xHRQQIThzLt0msgQmSP/w2ctqe8ETvz26IruzYjv7oLAU/3Jgc6kJxoGsg/VP6d clSMo4tZJozImAOSJEH38H8nT0WkyBpc5r6h8U1Lu+NNZofghCIaK1HoSKRuvDfBwFNG c6zRjVOUtknx8JhDZ7x5rjCoQrU7RzLleaA4k5vLFrFdYQ6J3MiS8pyzXaGPerv7CmuN rVhqJaJbUASAJIhRLmofsg2Qtwt4fLsWMJhm9RqWETsweuzM+srQ4hjTLYOHXIagifQu glSq4QU6o2gX9GMPdhmkv431crb2IO7B9PDM2e1ywHCoeiwGaGQPGzkb6fR2tKhiJzb5 QyiQ==
X-Gm-Message-State: AFqh2kpC3hRZaDc64WJ35OTk2MjtVzK4GaZaIa4TXwCkbNyqx+VUl50U /+g46bBGZsanCq3Bfe6ZsoCLMI7hrCbOeMCXhHs=
X-Google-Smtp-Source: AMrXdXvAOH9O6u9bMRoXRzlyuIik6O3BSjuPkfIo4cVGkjgrQ3tZHlctN6n6o1MBpJYBOgHwV7VP0GnA7tRIqr6/No0=
X-Received: by 2002:a17:906:281b:b0:7c1:98f:be57 with SMTP id r27-20020a170906281b00b007c1098fbe57mr4478535ejc.97.1673546596817; Thu, 12 Jan 2023 10:03:16 -0800 (PST)
MIME-Version: 1.0
References: <167091047171.45635.975609146244768236@ietfa.amsl.com> <GV2PR10MB62106D9F748CEA4BA9EA638EFEE09@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM> <GV2PR10MB6210DFE1B688E410B8E1869FFEFE9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <GV2PR10MB6210DFE1B688E410B8E1869FFEFE9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 12 Jan 2023 10:03:04 -0800
Message-ID: <CAL0qLwZsd_Wwi4QoUBub-7UXJ9QBy+JUM-3z+y5++WVTTOJfeA@mail.gmail.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, "draft-ietf-lamps-lightweight-cmp-profile@ietf.org" <draft-ietf-lamps-lightweight-cmp-profile@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="0000000000006b203505f214ee2a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ay8yR-SsrNrmecy_ukRvCL4WjgE>
Subject: Re: [lamps] Murray Kucherawy's No Objection on draft-ietf-lamps-lightweight-cmp-profile-18: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2023 18:03:19 -0000
On Mon, Jan 9, 2023 at 8:07 AM Brockhaus, Hendrik < hendrik.brockhaus@siemens.com> wrote: > Murray > > Last week the co-authors and I managed to align on how to address your > comments. Please see our proposal for an updated version of the draft > below. > I hope these generic changes sufficiently addresses your comment > sufficiently. Changing the entire document instead, will be a mayor effort. > > @Roman, I hope these changes are appropriate after IESG review. If you have > any concerns, please let me know. > > [...] > Hi Hendrik, I appreciate the attention you're giving to this, especially since this isn't a DISCUSS position. Succinctly, it seems like you're trying to widen the definition of SHOULD as defined in BCP 14, and I'm having trouble understanding what you're seeking to achieve by doing so. It seems to me like it might be simpler to just say "should" instead of "SHOULD"; that would be an easy way to avoid this sort of friction. Section 6 of RFC 2119 says in its entirety: Imperatives of the type defined in this memo must be used with care and sparingly. In particular, they MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions) For example, they must not be used to try to impose a particular method on implementors where the method is not required for interoperability. We have come to also allow use of BCP 14 key words around security and operations. For instance, "you MUST encrypt data in transit" has become a security best practice generally; "you SHOULD log this when it happens" is sound operational advice. However, the text of your abstract reads a lot like an Applicability Statement (Section 3.2 of RFC 2026), though, so I don't feel that it falls under those sorts of exceptions. SHOULD isn't intended to allow general mush around the requirement to do something; it's meant to say, in effect, "You really need to do this. Doing anything else threatens interoperability, so you need to be sure of what you're doing if you deviate." This is why we encourage, along with SHOULD, some kind of guidance around when one might decide not to do what the SHOULD says. I think your best options are either to revisit the SHOULDs you have and see about either adding some of the supporting text I'm suggesting, change them to MUSTs or MAYs, or just use "should" instead of "SHOULD". Again, I'm not holding a DISCUSS on this, and hence not making a demand. It's up to you and your AD to decide where you go from here. Thanks again for your consideration. -MSK
- [lamps] Murray Kucherawy's No Objection on draft-… Murray Kucherawy via Datatracker
- Re: [lamps] Murray Kucherawy's No Objection on dr… Brockhaus, Hendrik
- Re: [lamps] Murray Kucherawy's No Objection on dr… Brockhaus, Hendrik
- Re: [lamps] Murray Kucherawy's No Objection on dr… Murray S. Kucherawy
- Re: [lamps] Murray Kucherawy's No Objection on dr… Brockhaus, Hendrik